ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] SSP and o= values

2006-03-27 18:06:42

On Mar 27, 2006, at 3:16 PM, Tony Hansen wrote:

I make no assumption on the question of TXT versus other DNS RR's at all. I view this topic to be totally orthogonal to the DNS question and unrelated. I see having o=~ as difficult to remember, describe and use, irrespective of what the DNS record looks like otherwise.

An ability to recognize an email-address will become increasingly difficult once the EAI WG concludes. Internationalization requires less reliance upon email-address recognition and more upon the signing-domain and key-groups. Trust in the message content should be based upon both a restrictive key and the signing-domain. Associations between domains would be useful for message handling, which is not possible using these simple character flag or mnemonic assertions.

Establishing an association between various domains contained within the message and the DKIM signature would be better served using a domain name list (PTR RRsets). By using syntax within a name list, the same types of character flag assertions are possible, but where more information is made available. Rather than indicating some third-party signature should be acceptable, a specific list can be created to convey the same assertion, but where specific domains are listed. This list could be a closed-ended list, where no other domains are directly associated with the From address. This could also be expressed as an open-ended list. The use of PTR RRs provides for name compression. A new RR type would not have this ability.

Where it is common for ESPs to provide outbound mail service without restricting the From address, the lack of a restrictive key-group, such as "admin", could warn of a lack of assurance. Annotations regarding what should be trustworthy should consider both the signing- domain and the key-group, where further assurances are established by making explicit domain associations. This approach would allow the signing-domain to be different from the From email-address domain. The association would be an assurance offered by the email-address domain owner, much as the intent of the limited SSP assertions.

-Doug


_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html